
BT5 + Nessus pentest help

The situation: using Metasploit + Nessus to give justification to expand the IT budget.

What I have done: set up a laptop with BT5 (updated Metasploit), installed Nessus (updated as well), and got Postgres to work with Metasploit.

What I have: an nmap scan (all 3 file formats) of our work subnet, from which I got a list of all the IP addresses that I am interested in, broke that up into groups of 15 IP addresses and fed that into Nessus, from which I got an XML file to put into msf.

So, to sum it up: a complete vulnerability scan of our network...

Did a db_vulns and singled out some of the IPs that I wanted to check... ran msf> use <exploit> with the necessary options for the one I am interested in.

The problem: all of them said that the exploit finished successfully but no session was started... now my question is how can I go further without a session? I am looking to either do a dir dump or copy a file or write a file to any of the PCs, in order to show that it can be breached... the aim of all of this is to justify buying either Qualys or NeXpose to use within the company...

If I missed out some of the steps involved or if there is anything else that I can do, please let me know... thanks.

Re: BT5 + Nessus pentest help

That being said if you want to show your boss how vulnerable your system(s) is/are check out SET. Shoot your boss an email with a link to a cloned site or a .pdf with an embedded java applet to open a reverse meterpreter shell.

After all you can patch your systems and spend millions of dollars on gadgets but all it takes is one user clicking something they shouldn't and it's all over.

Re: BT5 + Nessus pentest help

Firstly, thanks for the reply. From what the Nessus scan returned I got some exploits for some of the hosts; I didn't want to use autopwn, so seeing that they were a handful I did them manually one by one... see the list below.

All I am getting is "exploit completed but no sessions started"... not too sure what to do from there. Also I am interested in "/windows/smb/psexec", but I need to pass credentials for that to work if I understand it correctly; is there any way that I can capture those (without using the ones that I have officially)?

Re: BT5 + Nessus pentest help

That being said if you want to show your boss how vulnerable your system(s) is/are check out SET. Shoot your boss an email with a link to a cloned site or a .pdf with an embedded java applet to open a reverse meterpreter shell.

After all you can patch your systems and spend millions of dollars on gadgets but all it takes is one user clicking something they shouldn't and it's all over.

While that is an option, and a very good point, at the moment we have others looking into that; basically my task(s) is to test the internal network, but I will let them know about it.

Re: BT5 + Nessus pentest help

Seems like you're stuck in the middle. I'm on the network security side and we don't have time to deal with OS vulnerabilities. That is up to the sys admins. If I had to worry about every box's footprint AND layers 3 and 4, I would quit. Tomorrow. Good luck!

Re: BT5 + Nessus pentest help

Originally Posted by VYCanisMajoris

Seems like you're stuck in the middle. I'm on the network security side and we don't have time to deal with OS vulnerabilities. That is up to the sys admins. If I had to worry about every box's footprint AND layers 3 and 4, I would quit. Tomorrow. Good luck!

We got a good report out of it; we are looking to do it from an outside perspective. No, I agree it's up to the sys admins, but I am on the security team, so it's good to know. It took about a week to get all the data that we needed and plan out some exploits; thankfully management is giving us some money to get a lab where we can do these tests now.

When you say you're on the network security side, can you explain a bit more about that? Do you only deal with routers and layer 3 devices?